[ http://issues.apache.org/jira/browse/TAPESTRY-936?page=comments#action_12378055 ]
James Carman commented on TAPESTRY-936: --------------------------------------- I agree that we shouldn't put any sort of "authentication framework" into Tapestry. But, we can make it easier to implement one by adding an IEngineService.createCallback( IRequestCycle ) method. > Provide basic authentication mecanisms > -------------------------------------- > > Key: TAPESTRY-936 > URL: http://issues.apache.org/jira/browse/TAPESTRY-936 > Project: Tapestry > Type: Improvement > Components: Framework > Versions: 4.1 > Reporter: Henri Dupre > > Several implementation details (creation of ICallbacks and page redirection) > make adding authentication to a tapestry application not a trivial task. > Page redirection can only be done in page validate thus making impossible to > capture the state of a page (for instance, properties + parameters of an > activateExternalPage). > After looking at the code, this has implications in the core of the engine > itself and making these changes might not be trivial. But instead of adding > features for generating ICallbacks and page redirection, why not directly > wire an authentication API inside the framework? > Here is a suggestion: > - provide a blank AuthenticatedPage interface or configuration that allows > pages to say that they require authentication > - provide a hivemind configuration point to plug an authentication service: > this service has methods to figure out if a user is authenticated or not and > also provides a page name that is called when a user is not authenticated > - the authentication pages have to implement a specific interface or another > mecanism that tell that the authentication process is finished (the process > might consist of several pages, e.g. new account creation) > - the engine takes care of the rest: before calling the authentication page, > a basic state is captured after the page is setup (all declared properties > are saved), and once the authentication process is finished, all that state > is restored and the page is called -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
